linux-stable/drivers/scsi
Manish Rangankar eaddb86637 scsi: qedi: Fix crash while reading debugfs attribute
[ Upstream commit 28027ec8e3 ]

The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly
on a __user pointer, which results in the crash.

To fix this issue, use a small local stack buffer for sprintf() and then
call simple_read_from_buffer(), which in turn makes the copy_to_user()
call.

BUG: unable to handle page fault for address: 00007f4801111000
PGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0
Oops: 0002 [#1] PREEMPT SMP PTI
Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023
RIP: 0010:memcpy_orig+0xcd/0x130
RSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202
RAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f
RDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000
RBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572
R10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff
R13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af
FS:  00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 <TASK>
 ? __die_body+0x1a/0x60
 ? page_fault_oops+0x183/0x510
 ? exc_page_fault+0x69/0x150
 ? asm_exc_page_fault+0x22/0x30
 ? memcpy_orig+0xcd/0x130
 vsnprintf+0x102/0x4c0
 sprintf+0x51/0x80
 qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]
 full_proxy_read+0x50/0x80
 vfs_read+0xa5/0x2e0
 ? folio_add_new_anon_rmap+0x44/0xa0
 ? set_pte_at+0x15/0x30
 ? do_pte_missing+0x426/0x7f0
 ksys_read+0xa5/0xe0
 do_syscall_64+0x58/0x80
 ? __count_memcg_events+0x46/0x90
 ? count_memcg_event_mm+0x3d/0x60
 ? handle_mm_fault+0x196/0x2f0
 ? do_user_addr_fault+0x267/0x890
 ? exc_page_fault+0x69/0x150
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f4800f20b4d

Tested-by: Martin Hoyer <mhoyer@redhat.com>
Reviewed-by: John Meneghini <jmeneghi@redhat.com>
Signed-off-by: Manish Rangankar <mrangankar@marvell.com>
Link: https://lore.kernel.org/r/20240415072155.30840-1-mrangankar@marvell.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-06-27 13:46:15 +02:00
..
aacraid Revert "scsi: aacraid: Reply queue mapping to CPUs based on IRQ affinity" 2024-01-01 12:39:06 +00:00
aic7xxx scsi: aic79xx: Use __ro_after_init explicitly 2022-09-15 22:01:24 -04:00
aic94xx scsi: aic94xx: Add missing check for dma_map_single() 2023-03-10 09:33:20 +01:00
arcmsr scsi: arcmsr: Support new PCI device IDs 1883 and 1886 2024-02-05 20:12:50 +00:00
arm scsi: arm: Move the SCSI pointer to private command data 2022-02-22 21:11:03 -05:00
be2iscsi scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() 2023-12-13 18:39:16 +01:00
bfa scsi: bfa: Ensure the copied buf is NUL terminated 2024-06-12 11:03:16 +02:00
bnx2fc scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload 2024-05-17 11:56:04 +02:00
bnx2i scsi: iscsi: Fix session removal on shutdown 2022-06-21 21:14:54 -04:00
csiostor scsi: csiostor: Avoid function pointer casts 2024-03-26 18:20:55 -04:00
cxgbi treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
cxlflash scsi: cxlflash: Drop DID_ALLOC_FAILURE use 2022-09-06 22:05:59 -04:00
device_handler scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() 2023-03-30 12:49:03 +02:00
elx scsi: elx: libefc: Fix second parameter type in state callbacks 2022-12-31 13:33:05 +01:00
esas2r scsi: esas2r: Use flex array destination for memcpy() 2022-09-06 22:24:37 -04:00
fcoe scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" 2024-02-23 09:12:37 +01:00
fnic scsi: fnic: Return error if vmalloc() failed 2024-01-25 15:27:26 -08:00
hisi_sas scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() 2024-04-17 11:18:23 +02:00
ibmvscsi scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool 2023-11-28 17:06:59 +00:00
ibmvscsi_tgt scsi: ibmvscsi_tgt: Fix repeated words in comment 2022-09-15 22:30:26 -04:00
isci scsi: isci: Fix an error code problem in isci_io_request_build() 2024-02-05 20:13:00 +00:00
libfc scsi: libfc: Fix up timeout error in fc_fcp_rec_error() 2024-02-05 20:12:51 +00:00
libsas scsi: libsas: Fix the failure of adding phy with zero-address to port 2024-06-12 11:03:12 +02:00
lpfc scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() 2024-05-17 11:56:03 +02:00
megaraid scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers 2023-11-28 17:07:07 +00:00
mpi3mr scsi: mpi3mr: Fix ATA NCQ priority support 2024-06-21 14:35:44 +02:00
mpt3sas scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory 2024-06-21 14:35:44 +02:00
mvsas scsi: mvsas: Add PCI ID of RocketRaid 2640 2022-04-06 22:27:08 -04:00
pcmcia scsi: sym53c500_cs: Stop using struct scsi_pointer 2022-04-06 22:11:52 -04:00
pm8001 scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command 2023-10-06 14:56:54 +02:00
qedf scsi: qedf: Ensure the copied buf is NUL terminated 2024-06-12 11:03:16 +02:00
qedi scsi: qedi: Fix crash while reading debugfs attribute 2024-06-27 13:46:15 +02:00
qla2xxx scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() 2024-06-12 11:03:47 +02:00
qla4xxx scsi: qla4xxx: Add length check when parsing nlattrs 2023-09-13 09:42:52 +02:00
smartpqi scsi: smartpqi: Fix disable_managed_interrupts 2024-03-01 13:26:35 +01:00
snic scsi: snic: Fix double free in snic_tgt_create() 2023-08-30 16:11:12 +02:00
sym53c8xx_2 scsi: sym53c8xx_2: Remove redundant "with" 2022-06-21 21:41:19 -04:00
.gitignore
3w-9xxx.c scsi: 3w-9xxx: Avoid disabling device if failing to enable it 2022-09-06 22:22:24 -04:00
3w-9xxx.h
3w-sas.c
3w-sas.h
3w-xxxx.c scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() 2023-07-19 16:21:35 +02:00
3w-xxxx.h scsi: 3w-xxxx: Replace one-element array with flexible-array member 2022-09-25 13:06:00 -04:00
53c700.c scsi: 53c700: Check that command slot is not NULL 2023-08-16 18:27:30 +02:00
53c700.h
53c700.scr
53c700_d.h_shipped
BusLogic.c scsi: BusLogic: Remove bus_to_virt() 2022-06-27 22:52:05 -04:00
BusLogic.h
FlashPoint.c scsi: FlashPoint: Remove redundant variable bm_int_st 2022-08-01 19:52:03 -04:00
Kconfig scsi: jazz_esp: Only build if SCSI core is builtin 2024-03-01 13:26:35 +01:00
Makefile scsi: dpt_i2o: Remove obsolete driver 2022-06-27 22:56:21 -04:00
NCR5380.c scsi: NCR5380: Add SCp members to struct NCR5380_cmd 2022-02-22 21:11:03 -05:00
NCR5380.h scsi: NCR5380: Add SCp members to struct NCR5380_cmd 2022-02-22 21:11:03 -05:00
a100u2w.c
a100u2w.h
a2091.c scsi: a2091: Convert m68k WD33C93 drivers to DMA API 2022-07-07 17:01:22 -04:00
a2091.h
a3000.c scsi: a3000: Convert m68k WD33C93 drivers to DMA API 2022-07-07 17:01:22 -04:00
a3000.h
a4000t.c
advansys.c scsi: advansys: Move the SCSI pointer to private command data 2022-02-22 21:11:03 -05:00
aha152x.c scsi: aha152x: Stop using struct scsi_pointer 2022-03-29 23:42:18 -04:00
aha152x.h
aha1542.c scsi: aha1542: Remove unneeded semicolon 2022-04-25 23:25:11 -04:00
aha1542.h
aha1740.c scsi: Remove drivers/scsi/scsi.h 2022-02-22 21:11:02 -05:00
aha1740.h
am53c974.c
atari_scsi.c scsi: NCR5380: Add SCp members to struct NCR5380_cmd 2022-02-22 21:11:03 -05:00
atp870u.c
atp870u.h
bvme6000_scsi.c
ch.c scsi: ch: Do not initialise statics to 0 2022-07-26 22:13:29 -04:00
constants.c
dc395x.c scsi: dc395x: Fix a missing check on list iterator 2022-04-26 08:51:56 -04:00
dc395x.h
dmx3191d.c scsi: NCR5380: Remove the NCR5380_CMD_SIZE macro 2022-02-22 21:11:03 -05:00
esp_scsi.c scsi: esp_scsi: Stop using the SCSI pointer 2022-02-22 21:11:04 -05:00
esp_scsi.h scsi: esp_scsi: Stop using the SCSI pointer 2022-02-22 21:11:04 -05:00
fdomain.c scsi: fdomain: Move the SCSI pointer to private command data 2022-02-22 21:11:04 -05:00
fdomain.h
fdomain_isa.c
fdomain_pci.c
g_NCR5380.c scsi: NCR5380: Add SCp members to struct NCR5380_cmd 2022-02-22 21:11:03 -05:00
gvp11.c scsi: gvp11.c: Fix DMA mask calculation error 2022-07-13 23:18:26 -04:00
gvp11.h
hosts.c scsi: core: Fix unremoved procfs host directory regression 2024-04-03 15:19:51 +02:00
hpsa.c scsi: hpsa: Fix allocation size for Scsi_Host private data 2024-06-12 11:03:12 +02:00
hpsa.h
hpsa_cmd.h
hptiop.c scsi: hptiop: Use struct_size() helper in code related to struct hpt_iop_request_scsi_command 2022-09-25 13:02:23 -04:00
hptiop.h scsi: hptiop: Replace one-element array with flexible-array member in struct hpt_iop_request_ioctl_command() 2022-09-25 13:04:17 -04:00
imm.c scsi: imm: Move the SCSI pointer to private command data 2022-02-22 21:11:04 -05:00
imm.h scsi: imm: Move the SCSI pointer to private command data 2022-02-22 21:11:04 -05:00
initio.c scsi: initio: Remove redundant assignment to pointer scb 2022-08-31 23:39:57 -04:00
initio.h scsi: initio: Stop using the SCSI pointer 2022-02-22 21:11:05 -05:00
ipr.c scsi: ipr: Work around fortify-string warning 2023-03-11 13:55:29 +01:00
ipr.h
ips.c scsi: Remove drivers/scsi/scsi.h 2022-02-22 21:11:02 -05:00
ips.h
iscsi_boot_sysfs.c
iscsi_tcp.c scsi: iscsi_tcp: restrict to TCP sockets 2023-10-06 14:56:38 +02:00
iscsi_tcp.h scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() 2022-09-25 14:27:47 -04:00
jazz_esp.c
lasi700.c
libiscsi.c scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress 2023-02-09 11:28:12 +01:00
libiscsi_tcp.c scsi: iscsi: Remove iscsi_get_task back_lock requirement 2022-06-21 21:19:23 -04:00
mac53c94.c scsi: mac53c94: Fix warning comparing pointer to 0 2022-04-25 23:23:05 -04:00
mac53c94.h scsi: mac53c94: Stop using struct scsi_pointer 2022-02-27 21:35:30 -05:00
mac_esp.c
mac_scsi.c scsi: NCR5380: Add SCp members to struct NCR5380_cmd 2022-02-22 21:11:03 -05:00
megaraid.c scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS 2023-05-11 23:03:19 +09:00
megaraid.h scsi: megaraid: Stop using the SCSI pointer 2022-02-22 21:11:05 -05:00
mesh.c powerpc/powermac: Remove empty function note_scsi_host() 2022-06-26 10:29:44 +10:00
mesh.h scsi: mesh: Stop using struct scsi_pointer 2022-02-27 21:34:02 -05:00
mvme16x_scsi.c
mvme147.c scsi: wd33c93: Move the SCSI pointer to private command data 2022-02-22 21:11:07 -05:00
mvme147.h
mvumi.c scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
mvumi.h scsi: mvumi: Stop using the SCSI pointer 2022-02-22 21:11:06 -05:00
myrb.c scsi: mylex: Fix sysfs buffer lengths 2024-04-10 16:28:31 +02:00
myrb.h
myrs.c scsi: mylex: Fix sysfs buffer lengths 2024-04-10 16:28:31 +02:00
myrs.h
ncr53c8xx.c scsi: zalon: Stop using the SCSI pointer 2022-02-22 21:11:07 -05:00
ncr53c8xx.h scsi: zalon: Stop using the SCSI pointer 2022-02-22 21:11:07 -05:00
nsp32.c scsi: nsp32: Stop using the SCSI pointer 2022-02-22 21:11:06 -05:00
nsp32.h scsi: nsp32: Stop using the SCSI pointer 2022-02-22 21:11:06 -05:00
nsp32_debug.c
nsp32_io.h
pmcraid.c scsi: pmcraid: Fix missing resource cleanup in error case 2022-06-07 22:05:14 -04:00
pmcraid.h scsi: pmcraid: Remove the PMCRAID_PASSTHROUGH_IOCTL ioctl implementation 2022-03-29 23:32:26 -04:00
ppa.c scsi: ppa: Move the SCSI pointer to private command data 2022-02-22 21:11:06 -05:00
ppa.h
ps3rom.c
qla1280.c scsi: qla1280: Remove redundant variable 2022-05-19 20:26:21 -04:00
qla1280.h scsi: qla1280: Move the SCSI pointer to private command data 2022-02-22 21:11:06 -05:00
qlogicfas.c scsi: Remove drivers/scsi/scsi.h 2022-02-22 21:11:02 -05:00
qlogicfas408.c scsi: Remove drivers/scsi/scsi.h 2022-02-22 21:11:02 -05:00
qlogicfas408.h
qlogicpti.c scsi: qlogicpti: Fix dma_map_sg() check 2022-09-06 22:14:14 -04:00
qlogicpti.h
raid_class.c scsi: core: raid_class: Remove raid_component_add() 2023-08-30 16:11:12 +02:00
script_asm.pl
scsi.c scsi: core: Handle devices which return an unusually large VPD page count 2024-06-16 13:41:38 +02:00
scsi_bsg.c scsi: bsg: Drop needless assignment in scsi_bsg_sg_io_fn() 2022-03-15 14:05:02 -04:00
scsi_common.c
scsi_debug.c scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() 2022-12-31 13:32:35 +01:00
scsi_debugfs.c scsi: core: Remove struct scsi_request 2022-03-01 22:21:50 -05:00
scsi_debugfs.h
scsi_devinfo.c scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR 2023-03-30 12:49:21 +02:00
scsi_dh.c
scsi_error.c scsi: core: Move scsi_host_busy() out of host lock if it is for per-command 2024-02-16 19:06:29 +01:00
scsi_ioctl.c scsi: Use blk_rq_map_user_io helper 2022-09-30 07:51:13 -06:00
scsi_lib.c Revert "scsi: core: Add struct for args to execution functions" 2024-04-13 13:05:24 +02:00
scsi_lib_dma.c
scsi_logging.c scsi: core: scsi_logging: Fix a BUG 2022-03-29 23:29:19 -04:00
scsi_logging.h
scsi_netlink.c
scsi_pm.c
scsi_priv.h scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler 2024-02-05 20:13:00 +00:00
scsi_proc.c scsi: core: Fix legacy /proc parsing buffer overflow 2023-08-16 18:27:30 +02:00
scsi_sas_internal.h
scsi_scan.c scsi: sd: Fix TCG OPAL unlock on system resume 2024-04-03 15:19:51 +02:00
scsi_sysctl.c
scsi_sysfs.c scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc.c scsi: scsi_transport_fc: Adjust struct fc_nl_event flex array usage 2022-09-25 12:52:48 -04:00
scsi_transport_iscsi.c scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() 2023-09-13 09:42:51 +02:00
scsi_transport_sas.c scsi: mpi3mr: Fix ATA NCQ priority support 2024-06-21 14:35:44 +02:00
scsi_transport_spi.c freezer: Have {,un}lock_system_sleep() save/restore flags 2022-09-07 21:53:48 +02:00
scsi_transport_srp.c
scsicam.c scsicam: Fix use of page cache 2022-05-08 14:28:18 -04:00
sd.c scsi: sd: Use READ(16) when reading block zero on large capacity disks 2024-06-21 14:35:45 +02:00
sd.h scsi: sd: Do not issue commands to suspended disks on shutdown 2023-10-10 22:00:35 +02:00
sd_dif.c scsi: sd: Reorganize DIF/DIX code to avoid calling revalidate twice 2022-05-02 16:59:11 -04:00
sd_zbc.c scsi: sd: Fix wrong zone_write_granularity value during revalidate 2023-03-17 08:50:27 +01:00
sense_codes.h
ses.c scsi: ses: Handle enclosure with just a primary component gracefully 2023-04-20 12:35:13 +02:00
sg.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
sgiwd93.c scsi: wd33c93: Move the SCSI pointer to private command data 2022-02-22 21:11:07 -05:00
sim710.c
sni_53c710.c
sr.c block: simplify disk shutdown 2022-06-28 06:30:26 -06:00
sr.h sr: implement ->free_disk to simplify refcounting 2022-03-08 19:40:01 -07:00
sr_ioctl.c scsi: sr: Do not leak information in ioctl 2022-04-18 22:48:31 -04:00
sr_vendor.c
st.c SCSI misc on 20221007 2022-10-07 12:33:18 -07:00
st.h scsi: don't use disk->private_data to find the scsi_driver 2022-03-08 19:40:00 -07:00
st_options.h
stex.c scsi: stex: Fix gcc 13 warnings 2023-06-09 10:34:21 +02:00
storvsc_drv.c scsi: storvsc: Fix ring buffer size calculation 2024-02-23 09:12:32 +01:00
sun3_scsi.c scsi: NCR5380: Add SCp members to struct NCR5380_cmd 2022-02-22 21:11:03 -05:00
sun3_scsi_vme.c
sun3x_esp.c
sun_esp.c
virtio_scsi.c scsi: core: Improve type safety of scsi_rescan_device() 2023-10-10 22:00:35 +02:00
vmw_pvscsi.c scsi: vmw_pvscsi: No need to clear memory after a dma_alloc_coherent() call 2022-04-06 23:01:54 -04:00
vmw_pvscsi.h scsi: vmw_pvscsi: Expand vcpuHint to 16 bits 2022-06-07 21:30:56 -04:00
wd33c93.c scsi: wd33c93: Remove dead code related to the long-gone config WD33C93_PIO 2022-09-25 13:29:53 -04:00
wd33c93.h scsi: wd33c93: Remove dead code related to the long-gone config WD33C93_PIO 2022-09-25 13:29:53 -04:00
wd719x.c scsi: wd719x: Return proper error code when dma_set_mask() fails 2022-03-01 23:56:28 -05:00
wd719x.h scsi: wd719x: Stop using the SCSI pointer 2022-02-22 21:11:07 -05:00
xen-scsifront.c scsi: xen: Drop use of internal host codes 2022-09-06 22:05:58 -04:00
zalon.c scsi: zalon: Stop using the SCSI pointer 2022-02-22 21:11:07 -05:00
zorro7xx.c scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() 2022-03-30 00:05:42 -04:00
zorro_esp.c